Bug 1418579 - Use selinux when building ovirt-appliance
Summary: Use selinux when building ovirt-appliance
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-appliance
Classification: oVirt
Component: Build
Version: 4.1
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ovirt-4.2.2
: ---
Assignee: Yuval Turgeman
QA Contact: Gonza
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-02-02 08:50 UTC by Yuval Turgeman
Modified: 2018-04-30 11:01 UTC (History)
9 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2018-03-29 11:03:55 UTC
oVirt Team: Node
Embargoed:
rule-engine: ovirt-4.2+
grafuls: testing_plan_complete-
sbonazzo: devel_ack+
lsvaty: testing_ack+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 80451 0 master MERGED cloud-init: add cloud_init_t to permissive list 2017-10-16 15:58:09 UTC

Description Yuval Turgeman 2017-02-02 08:50:33 UTC 
Today the kickstart for building ovirt-appliance sets selinux --permissive, we need to check if it can be changed to enforcing.
Comment 1 Yuval Turgeman 2017-06-05 10:33:09 UTC 
This was reverted since engine-setup (firewall-cmd) hangs in selinux when run from cloud-ini (missing transition from cloud_init_t to firewalld_t)
Comment 2 Red Hat Bugzilla Rules Engine 2017-06-05 10:33:14 UTC 
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.
Comment 3 Sandro Bonazzola 2017-06-09 09:59:44 UTC 
Dropping code change, since this requires a full functional test once done.
Comment 4 Ryan Barry 2017-06-27 09:54:38 UTC 
Yuval - has a bug been filed against cloud-init for this?
Comment 5 Yuval Turgeman 2017-06-27 13:02:20 UTC 
Yes, not by us, though, but it's the same behavior, see bug 1126096
Comment 6 Yuval Turgeman 2017-06-29 13:21:45 UTC 
I just noticed that bug 1126096 was reported in 2014, could setenforce 0 or add cloud_init_t to permissive in our cloud-init script ?
Comment 8 Yaniv Kaul 2017-10-26 11:37:04 UTC 
Can this move to MODIFIED?
Comment 9 Sandro Bonazzola 2017-11-14 09:15:59 UTC 
We need a patch in appliance code.
Comment 10 Gonza 2018-01-11 15:19:10 UTC 
Checked on:
rhvm-appliance-20180103.0-1.x86_64.rhevm.ova

$ getenforce
Permissive
Comment 11 Red Hat Bugzilla Rules Engine 2018-01-11 15:19:16 UTC 
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.
Comment 13 Gonza 2018-02-21 09:19:33 UTC 
Verified with:
rhvm-appliance-4.2-20180202.0.x86_64.rhevm.ova

# getenforce
Enforcing
Comment 14 Sandro Bonazzola 2018-03-29 11:03:55 UTC 
This bugzilla is included in oVirt 4.2.2 release, published on March 28th 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.2.2 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.
Note You need to log in before you can comment on or make changes to this bug.